In a span of less than two weeks, the Commission Nationale de l’Informatique et des Libertés (CNIL), France’s lead privacy regulator, fined two companies – TikTok and Microsoft – for insufficient cookie consent practices. The CNIL’s cookie enforcement activity, which has been on the uptick, represents just one part of a broader enforcement initiative by European regulators who, in recent years, have been targeting cookie practices that are not in alignment with the GDPR’s stringent data privacy requirements. This article explores the CNIL’s recent enforcement actions, the broader heightened cookie enforcement activity across Europe, and offers lessons for multinational companies to avoid costly financial and reputational mistakes with their own cookie practices. See “Compliance Takeaways From the Latest GDPR Enforcement Statistics” (Feb. 2, 2022).